Browser Plug ins becoming essential

Browser plug ins can help users cover holes in many browsers, such as the recent article Users hit by multi-browser threat wherein Computerworld of Australia reported that many browsers are vulnerable to having the user fooled into sending their own files to remote servers via the browser’s scripting capabilities.

In the case of Mozilla and Firefox, the browser plug in NoScript can handle this quite easily, and will also allow the user to activate scripting on any particular site he/she wishes by simply right-clicking on the site and choosing “allow {site name}” in the upcoming menu.

Internet Explorer users however, can only turn off scripting completely to be safe, then manually make scripting available for the “Trusted Sites” zone, and again, manually add his/her trusted sites into that list. It’s a bit old school and tedious, but it will work.

As an interesting side note, according to About.com’s Stephen Chapman, in his short article titled “ActiveX”,

“Microsoft recommend(s) that anyone running Internet Explorer on the internet have activeX turned off…”

Yet when you install Microsoft Windows, the Internet Explorer ActiveX settings are _not_ set to off. Go figure…

As a side note, today (Tue Jun 13, 2006) Yahoo reported that a javascript worm/virus had attacked it’s email users.

The worm exploits a vulnerability in Javascript technology used to make the mail program easier to use…

Full article here. Thanks Vic!

Notably missing from the vulnerable browsers list is the Opera browser… Go Opera! (Opera has, by far, the shortest list of vulnerabilities of all the browsers, and this vulnerability just made Opera look that much better.) See the 2005 browser security comparison here.